Your Peace of Mind is our Commitment

Contact Us English Recent Articles


First published: 15th August 1998

F-Secure Anti-Virus detects and removes the new trojan horse

Hong Kong, China. August 15, 1998 - Yui Kee announces that Data Fellows, one of the world's leading data security development companies, has added detection and removal of the Back Orifice trojan horse to its F-Secure Anti-Virus program.

Back Orifice is a remote control tool released by the Cult of the Dead Cow (cDc) group. The trojan horse allows an intruder to monitor and tamper with Windows 95 and Windows 98 computers over the Internet. There is no easy way for a computer user to know the attack is taking place, and there is no easy way to stop the attack once Back Orifice has installed itself on the computer.

In a typical attack, the intruder sends the Back Orifice trojan horse to his victim as a program attached to e-mail. When the e-mail recipient executes the program attachment, the trojan horse opens connections from the computer to the Internet. This allows the intruder to control the computer. The trojan horse is invisible and will restart itself automatically even if Windows is re-booted.

Back Orifice allows a hacker to view and modify any files on the hacked computer. It can create a log file of the computer user's actions. It can take screen shots of the computer screen and send them back to the hacker. And it can be used to send messages to the user of the computer. Or it can simply crash the computer.

Back Orifice has been available for free downloading to anyone via the cDc Web site. According to cDc, Back Orifice was downloaded more than 14,000 times the first day it was made available. But so far, there has been no documented cases of it being used maliciously.

"Back Orifice is a seriously advanced tool for wannabe hackers," comments Yui Kee's Technical Director, Mr. Allan Dyer. "However, it presents little that's new. The trojan horse still must be executed before it does anything. Back Orifice doesn't have any way to infiltrate the user's machine automatically."

Data Fellows has updated its Anti-Virus product, F-Secure Anti-Virus, to handle the Back Orifice trojan horse. "We have to remember that Back Orifice is not a virus, it's just a simple trojan horse. It doesn't spread by itself, and it doesn't attempt to replicate itself to users' files. Its attack doesn't escalate," says Dyer.

F-Secure Anti-Virus includes a real-time protection component, F-Secure Gatekeeper. Gatekeeper will stop Back Orifice in real-time when sent to a computer. It is stopped whether the file arrives via the Web, e-mail, floppy disk or a LAN. Even if the Back Orifice trojan horse is disguised through encryption, Gatekeeper will detect and stop it when it tries to copy itself to the system directory.

F-Secure Anti-Virus products include tools that protect LANs at the gateway. An administrator will know immediately whenever e-mail carrying Back Orifice is sent to people inside the organization.

F-Secure Anti-Virus is updated daily. To stop the Back Orifice trojan horse, go to our Website at You can update an existing F-Secure Anti-Virus installation, or you can download a free evaluation copy of F-Secure Anti-Virus.